Closed Bug 957704 Opened 10 years ago Closed 10 years ago

Change apikey parameter name from "apikey" to "key for SafeBrowsing requests

Categories

(Toolkit :: Safe Browsing, defect)

x86_64
All
defect
Not set
critical

Tracking

()

VERIFIED FIXED
mozilla29
Tracking Status
firefox27 --- unaffected
firefox28 + verified
firefox29 + verified
firefox-esr24 --- unaffected

People

(Reporter: mmc, Assigned: mmc)

References

Details

Attachments

(1 file)

See https://bugzilla.mozilla.org/show_bug.cgi?id=957091#c12

Safebrowsing has switched from "apikey" to "key" for sending the key. This does not affect other Google API requests such as geolocation.
Group: mozilla-corporation-confidential
Monica does this have a timeline of FF28?  Just wondering based on comments in bug 957091 which suggest something changed there.
Flags: needinfo?(mmc)
(In reply to Lukas Blakk [:lsblakk] from comment #1)
> Monica does this have a timeline of FF28?  Just wondering based on comments
> in bug 957091 which suggest something changed there.

What happened was that Google deprecated the "apikey" URL param in favor of "key" without documenting or publicizing this change. Today they implemented a workaround to accept the deprecated "apikey" parameter for our particular case. While this is working for now, they have asked us to switch to the new name so they don't have to support the old parameter forever.

When we push this change to the new parameter to m-c, we should notify them of the target release. When that release hits stable + some number of iterations to make sure that most everyone is updated to the target release before they deprecate the old parameter on the server side again. In other words, most of the tracking needs to be done on Google's side, not the client side.

It's not a big deal to get this into 28. I think aiming for 29 is ok, since it gives us more time to observe that updates aren't broken.
Flags: needinfo?(mmc)
On second thought, we should try to get this fixed in 28. I'll work on this tomorrow (or gcp, if you want to take it, I'll review it in the morning).
So what about Firefox 24 ESR? I assume it also has to land on this branch, right?
Negative, we only started using the parameter in Firefox 28.
If this is low-risk enough to take on Aurora, let's aim to get it landed there before we merge to Beta in a few weeks (Feb 3).
Assignee: nobody → mmc
Status: NEW → ASSIGNED
Comment on attachment 8357841 [details] [diff] [review]
Switch from apikey to key for browser.safebrowsing.updateURL (

Testing by making the same change to about:config in release nightly on Windows, then watching to see if updates still work over the next couple of hours or using wireshark.
Attachment #8357841 - Flags: review?(gpascutto)
Attachment #8357841 - Flags: review?(doug.turner)
Deprecated documentation using "apikey" is here: https://developers.google.com/safe-browsing/developers_guide_v2

Google says that updated documentation is in the works.
Comment on attachment 8357841 [details] [diff] [review]
Switch from apikey to key for browser.safebrowsing.updateURL (

Review of attachment 8357841 [details] [diff] [review]:
-----------------------------------------------------------------

Looks good to me. As discussed file a separate bug to switch all other platforms (B2G,Android,Metro) to use the API keys as well.
Attachment #8357841 - Flags: review?(gpascutto) → review+
HTTP 200s observed. I'll wait a bit to see if dougt or anyone else wants to review it.
Comment on attachment 8357841 [details] [diff] [review]
Switch from apikey to key for browser.safebrowsing.updateURL (

Review of attachment 8357841 [details] [diff] [review]:
-----------------------------------------------------------------

lgtm
Attachment #8357841 - Flags: review?(doug.turner) → review+
https://hg.mozilla.org/mozilla-central/rev/04b340ad3191
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla29
Comment on attachment 8357841 [details] [diff] [review]
Switch from apikey to key for browser.safebrowsing.updateURL (

[Approval Request Comment]
Bug caused by (feature/regressing bug #): A combination of Google changing the apikey parameter name and bug 887044. See https://bugzilla.mozilla.org/show_bug.cgi?id=957091#c12.
User impact if declined: Safebrowsing breakage for FF 28 if Google decides to obsolete the old parameter name again before 28 is EOLed.
Testing completed (on m-c, etc.): On current nightly, by observing that the new parameter gets HTTP 200 responses with the new URL parameter.
Risk to taking this patch (and alternatives if risky): This is pretty low risk.
String or IDL/UUID changes made by this patch: None.
Attachment #8357841 - Flags: approval-mozilla-aurora?
Attachment #8357841 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Flagging to verify that safe browsing hasn't regressed in Firefox 28/29.
Keywords: verifyme
Verified as fixed with Firefox 28 beta 6 on: Win 7 64-bit, Win 8.1 64-bit, Ubuntu 13.10 32-bit and Mac OS X 10.8.5: indeed, the apikey parameter name changed from "apikey" to "key" for the "browser.safebrowsing.updateURL" pref.

I've done some browsing, without issues, for the following secure sites:

https://www.facebook.com/
https://www.yahoo.com/
https://login.live.com/
https://www.youtube.com/
https://twitter.com/
https://www.amazon.com/
https://www.ebay.com/
https://addons.mozilla.org/en-US/firefox/
https://mail.google.com/
https://plus.google.com/
https://quality.mozilla.org
https://play.google.com/store?hl=en&tab=38
https://drive.google.com/
https://www.google.ro/
https://news.google.com/
https://en.wikipedia.org/wiki/Main_Page
Verified as fixed with latest Aurora 29.0a2 on: Win 8 64-bit, Ubuntu 13.10 32-bit and Mac OS X 10.9: indeed, the apikey parameter name changed from "apikey" to "key" for the "browser.safebrowsing.updateURL" pref.

I've done some browsing, without issues, for the following secure sites:

https://www.facebook.com/
https://www.yahoo.com/
https://login.live.com/
https://www.youtube.com/
https://twitter.com/
https://www.amazon.com/
https://www.ebay.com/
https://addons.mozilla.org/en-US/firefox/
https://mail.google.com/
https://plus.google.com/
https://quality.mozilla.org
https://play.google.com/store?hl=en&tab=38
https://drive.google.com/
https://www.google.ro/
https://news.google.com/
https://en.wikipedia.org/wiki/Main_Page
Status: RESOLVED → VERIFIED
Keywords: verifyme
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: